Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. What is Forest Guard?The Malwarebytes research team has determined that Forest Guard is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with Forest Guard?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see these warnings during install:You may see this entry in your list of installed programs:How did Forest Guard get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove Forest Guard?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Forest Guard? No, Malwarebytes removes Forest Guard completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the Forest Guard installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsYou may see these entries in FRST logs: (BDEsoft) [File not signed] C:\Users\{username}\Desktop\softsinn\SoftSinn\ForestGuard.exe C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftSinn.lnk C:\Users\{username}\Desktop\SoftSinn.lnk C:\Users\{username}\Desktop\softsinn Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs Adds the file SoftSinn.lnk"="5/27/2019 9:15 AM, 855 bytes, A In the existing folder C:\Users\{username}\Desktop Adds the file SoftSinn.lnk"="5/27/2019 9:15 AM, 807 bytes, A Adds the folder C:\Users\{username}\Desktop\softsinn\SoftSinn Adds the file ForestGuard.exe"="5/24/2019 1:11 PM, 379392 bytes, A Adds the file l.txt"="3/6/2019 10:34 AM, 3986 bytes, A Adds the file load2.exe"="5/15/2019 11:18 AM, 77312 bytes, A Adds the file logger.exe"="5/24/2019 1:09 PM, 238080 bytes, A Adds the file unins000.dat"="5/27/2019 9:15 AM, 2084 bytes, A Adds the file unins000.exe"="5/27/2019 9:14 AM, 730789 bytes, A Adds the folder C:\Users\{username}\Desktop\softsinn\SoftSinn\Data Adds the folder C:\Users\{username}\Desktop\softsinn\SoftSinn\Setting Adds the file setting.ini"="5/27/2019 9:16 AM, 162 bytes, A Adds the folder C:\Users\{username}\Desktop\softsinn\SoftSinn\Temp Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\BDEsoft] "{55861586-C050-4EE9-8280-DD6466A4EB71}"="REG_SZ", "MjAxOS0wNi0yNiAwOToxNjowMQ==" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{68F15829-5EB7-406D-98D6-20B4A2167CB9}_is1] "DisplayName"="REG_SZ", "SoftSinn version 3.6.0" "DisplayVersion"="REG_SZ", "3.6.0" "EstimatedSize"="REG_DWORD", 2231 "HelpLink"="REG_SZ", "http://www.SoftSinn.com/" "Inno Setup: App Path"="REG_SZ", "C:\Users\{username}\Desktop\softsinn\SoftSinn" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "(Default)" "Inno Setup: Language"="REG_SZ", "english" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon" "Inno Setup: Setup Version"="REG_SZ", "5.6.1 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20190527" "InstallLocation"="REG_SZ", "C:\Users\{username}\Desktop\softsinn\SoftSinn\" "MajorVersion"="REG_DWORD", 3 "MinorVersion"="REG_DWORD", 6 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "SoftSinn" "QuietUninstallString"="REG_SZ", ""C:\Users\{username}\Desktop\softsinn\SoftSinn\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Users\{username}\Desktop\softsinn\SoftSinn\unins000.exe"" "URLInfoAbout"="REG_SZ", "http://www.SoftSinn.com/" "URLUpdateInfo"="REG_SZ", "http://www.SoftSinn.com/" "VersionMajor"="REG_DWORD", 3 "VersionMinor"="REG_DWORD", 6 [HKEY_CURRENT_USER\Software\Softsinn\softsinn] "key"="REG_SZ", "softsinn2019" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/27/19 Scan Time: 9:23 AM Log File: 63f5acc0-8050-11e9-b6f0-00ffdcc6fdfc.json -Software Information- Version: Components Version: 1.0.586 Update Package Version: 1.0.10786 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236344 Threats Detected: 10 Threats Quarantined: 10 Time Elapsed: 6 min, 18 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.Softsinn, C:\USERS\{username}\DESKTOP\SOFTSINN\SOFTSINN\FORESTGUARD.EXE, Quarantined, [3680], [687785],1.0.10786 Module: 1 PUP.Optional.Softsinn, C:\USERS\{username}\DESKTOP\SOFTSINN\SOFTSINN\FORESTGUARD.EXE, Quarantined, [3680], [687785],1.0.10786 Registry Key: 2 PUP.Optional.Softsinn, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{68F15829-5EB7-406D-98D6-20B4A2167CB9}_IS1, Quarantined, [3680], [677737],1.0.10786 PUP.Optional.Softsinn, HKCU\SOFTWARE\Softsinn, Quarantined, [3680], [677738],1.0.10786 Registry Value: 1 PUP.Optional.Softsinn, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{68F15829-5EB7-406D-98D6-20B4A2167CB9}_IS1|DISPLAYNAME, Quarantined, [3680], [677737],1.0.10786 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 5 PUP.Optional.Softsinn, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SOFTSINN.LNK, Quarantined, [3680], [681816],1.0.10786 PUP.Optional.Softsinn, C:\USERS\{username}\Desktop\SoftSinn.lnk, Quarantined, [3680], [687785],1.0.10786 PUP.Optional.Softsinn, C:\USERS\{username}\DESKTOP\SOFTSINN\SOFTSINN\FORESTGUARD.EXE, Quarantined, [3680], [687785],1.0.10786 PUP.Optional.Softsinn, C:\USERS\{username}\DESKTOP\INSTALL2.EXE, Quarantined, [3680], [687794],1.0.10786 Generic.Malware/Suspicious, C:\USERS\{username}\DESKTOP\SOFTSINN\SOFTSINN\LOGGER.EXE, Quarantined, [0], [392686],1.0.10786 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. Today
  4. Sorry its on a mac so that program wouldn't run
  5. ***This is an automated reply*** Hi, Thanks for posting in the Malwarebytes 3 Help forum. If you are having technical issues with our Windows product, please do the following: If you are having licensing issues, please do the following: Thanks in advance for your patience. -The Malwarebytes Forum Team
  6. Hi I have just downloaded and run malwarebytes to get rid of trovi and/or bing but it didn't detect either - have I done something wrong with the download or run?
  7. Hello there, I am very savvy when it comes to not getting caught out by phishing scams and any attempts to get me to provide sensitive information of bogus websites. That being said, somehow someone ordered two £100.00 Amazon Vouchers without my consent and not using my laptop this month. I know it is true because when I log into amazon.co.uk it shows as an order. I have contacted Amazon to inform them about it but it has left me wondering how this is even possible. I have two step authentication set up, so even if they knew my password from one of the many breaches which seem to happen all the time with websites being hacked, how did they get in? Even when I try to login, it usually asks me to verify using my phone. That makes me wonder if there is actually something on my system that I should be concerned about. I am using Bitdefender Total Security 2019 (fully up-to-date), which has detected nothing malicious during a thorough scan of everything (it took over 15 hours). I ran GMER 2.2.19882 and couldn't see anything obvious, could someone else please cast their eye over this? Needless to say, in the mean time I have changed my password. rootkit.log
  8. I didn't see this posted anywhere around here and happened to spot the unmistakable Malwarebytes logo while watching Ralph Breaks the Internet this evening and found a posting about it on Reddit: One of the Malwarebytes staff commented on the thread as well. Here is the (relatively) spoiler-free context of how it shows up, but I've placed parts in spoiler tags anyway just in case any of you haven't seen it and don't want any plot details spoiled: the 'Antivirus District' which is represented by a large building containing the logos of many well known AV/AM products, and featured front and center is the blue Malwarebytes logo plain as day Other products featured are Kaspersky, BitDefender, Sophos, Rising, Trend Micro, Avira, Avast, COMODO, ESET, AVG, Emsisoft, Safe Network, Symantec and (I believe) Windows Defender (the Windows 10 version, represented by the blue shield composed of 4 quadrants). Later in the film when actually approaching the building you can also see Webroot and the Malwarebytes logo again briefly. Anyway, the coolest part is obviously this:
  9. By the way, if you are going the route of removing Malwarebytes temporarily while they work out this issue you should be able to install the Malwarebytes Anti-Exploit standalone beta. It's free and provides the same excellent Exploit Protection provided in Malwarebytes 3 Premium. You can find out more and get the build in this topic.
  10. For what it's worth, the Developers have been working on this problem for a long time and they do project that it should be fixed in the next Malwarebytes release which I expect to be published within the next month or so (possibly sooner; it all depends on how long it takes them to put in all their changes and fixes and complete testing) so you shouldn't have to deal with this issue for much longer. In the meantime you can either just make do without Malwarebytes temporarily until then or avoid anything that installs any entries into the Winsock. I know those options aren't ideal, but hopefully you won't have to worry about it for much longer. An additional item I'd recommend to help keep you secure until then would be to install the Malwarebytes browser extension if you haven't already. It's very powerful and works with Chrome and other Chromium based browsers like SRWare Iron, Vivaldi and Microsoft's new Chromium based Edge browser as well as Mozilla Firefox. It blocks bad websites similar to how Web Protection in Malwarebytes 3 does but adds some additional features such as clickbait blocking, ad blocking, tracker blocking (for privacy on the web), and behavior based blocking for phishing sites, tech support scams and other common malicious types of websites (it uses databases/black lists similar to Web Protection in Malwarebytes 3 but also includes behavioral blocking for specific categories of harmful websites). The only downside is that it only shields your browser where it is installed as an add-on/extension, whereas the Web Protection in Malwarebytes 3 protects the entire system by hooking into the network stack of the operating system. It is also fully compatible with Malwarebytes so you can continue using it even after this issue is resolved and it will augment your protection: Chrome Firefox If you haven't already, I'd also suggesting using a good ad blocker like Adblock Plus or uBlock Origin, and if you're concerned about privacy you can use some good privacy plugins like Ghostery, Privacy Badger and Disconnect. Also be sure to enable Windows Defender or install some other AV in the meantime if you're going to run without Malwarebytes until this issue is fixed (you can also keep the AV after the issue is fixed if you want it as an added layer of protection as Malwarebytes works just fine in real-time with most AVs). Also, be sure to keep an eye on the top area/pinned topics in this area as that will be where they will announce the new Malwarebytes build when it is released.
  11. Well I'm using google chrome and windows 10, is that enough info?
  12. Another note: In regards to the link attached for saving my passwords (https://betanews.com/2018/03/09/export-chrome-passwords/) there is no password export option although there is a sync and an import option though I am unsure if the sync is the newer version to the export version.
  13. This sub-forum is for submitting web sites that are falsely blocked by Malwarebytes or are perceived to be falsely blocked. If it is malicious site and you need help in cleaning the system so the system no longer connects to the malicious site, you have to identify what software you are using and on what OS. Then this thread can be moved to the appropriate Malware Removal sub-forum.
  14. This site has been cleaned and is ready to be reviewed. Thanks.
  15. Yea, thanks exile, i think the other one is networx maybe is causing the problem but, anyway, i cant have malwarebytes always going against the things i use, and you cant even add to white list im really sad too to let go, since i have been using it for so long, but i decided to give a rest for 1 year, then i will install it again next year hopefully everything can work out, maybe should bring up this issue, see if there is a better way to do it, and not just break off the connection with server and cant even activate your license.
  16. Can someone please tell me what this is and how I can remove it???
  17. In the meanwhile I have removed the exe from the windows folder and removed the tasks, however I believe there are still traces left
  18. OK, please create a fresh set of logs and post them so I can take a look, I'm sure we can get this sorted out: Run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply Thanks
  19. A friend of mine installed an infected Kms activator that has R@1 snagged on resulting in less then desired operation, was wondering if anyone could help me with a fixlist.txt from the results of the farbar scan. Thanks in advanced. FRST.txt
  20. Hi Exile i have already uninstalled that one before i came here for help, it seems thats not the problem or not the ONLY one causing the problem
  21. Yesterday
  22. I would also like to read the details on how you reached the conclusion that these those log entries were kernel errors and how you traced them to PIA/Malwarebytes interactions.
  23. Hello @Brannon and In your next reply to this topic, please let the forum know: The full version number of the Operating System. (Apple icon -> About This Mac) The full model identifier of the Mac. (Apple icon -> About This Mac -> Select System Report... -> Model Identifier) The version number of the PIA application in use. (Launch PIA -> Select the PIA icon -> Select the three (3) vertical dots in the PIA GUI -> Select Settings) Full Malwarebytes version number. (Malwarebytes GUI -> Malwarebytes -> About Malwarebytes -> Version information) Thank you.
  24. Sorry for the long delay. I started to change my passwords and whoever has been accessing my account is trying to react to them. For some reason they keep trying to get into my twitch so I'm not sure if they're trying to make a link or what, but my two factor is going off like every 2-3 minutes at the moment of this response. I'll get right on that redownload now. Thanks for your patience.
  25. Fixed in: MBAM2 Version: v2019.05.26.07 MBAM3 Version: 1.0.10782
  26. Thanks for the information. It is a false positive and I'm working on removing the rule from the database.
  1. Load more activity
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.